DoS? Then Who Was Phone?
January 7, 2013
Introduction This post presents exploitation notes on a vulnerability we discovered in Asterisk, an open source telephony solution produced by Digium. We reported this bug
Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792
January 4, 2013
Update: After we reported our bypasses to Microsoft, they released the MS13-008 bulletin to patch CVE-2012-4792 officially. After posting our analysis of the current 0day
Happy New Year Analysis of CVE-2012-4792
January 2, 2013
A new year has arrived and, although a little late, the time has come for me to unpack the present that Santa gave to the
What does a flightless bird and SCADA software have in common?
November 25, 2012
They’re both easy targets. If you’ve been paying attention to the security industry for any length of time then you’re probably familiar with the non-disclosure
Adobe Shockwave and Introspection
August 12, 2012
From Wikipedia: In computing, type introspection is the ability for a program to examine the type or properties of an object at runtime. These days